Problem with AIX 5.1 JDK1.4 WLS 8.1.2
843811 Mar 11 2004 — edited Mar 22 2004
I am getting "No LoginModules configured" after upgrading to WLS 8. My application can work under WLS 7 (AIX and NT) and WLS 8 (NT only). I have tried to force my own security policy but it still does not work. Attached with this email are all the related config files.
When using a sample JAAS client, I am able to get my own login module to be loaded. So, I am sure it is not a JDK issue.
================================= Start WebLogic Command =================================
/usr/java14/jre/bin/java -Xms1024m -Xmx1024m -Djava.security.auth.login.config==/usr/java14/jre/lib/security/jaas.config -Xrunoii:filter=/tool/optimizeit/OptimizeitSuiteDemo/filters/WebLogic.oif -Xbootclasspath/a:/tool/optimizeit/OptimizeitSuiteDemo/lib/oibcp.jar -Dweblogic.Name=myserver -Dweblogic.ProductionModeEnabled=false -Djava.security.policy==/usr/java14/jre/lib/security/java.policy -Djava.security.manager weblogic.Server
==================================== WebLogic Server Log ==================================
policy weblogic.Server
Optimizeit Profiler 5.0 build 030204 Audit System.
(c) 1997-2002 Borland.
Port is 1472
OptimizeIt generic Audit System. [IBM VM detected]
<Mar 11, 2004 6:13:57 PM GMT+08:00> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Classic VM Version 1.4.1 from IBM Corporation>
<Mar 11, 2004 6:14:00 PM GMT+08:00> <Info> <Configuration Management> <BEA-150016> <This server is being started as the administration server.>
<Mar 11, 2004 6:14:00 PM GMT+08:00> <Info> <Management> <BEA-141107> <Version: WebLogic Server 8.1 SP2 Fri Dec 5 15:01:51 PST 2003 316284
WebLogic XMLX Module 8.1 SP2 Fri Dec 5 15:01:51 PST 2003 316284 >
<Mar 11, 2004 6:14:03 PM GMT+08:00> <Notice> <Management> <BEA-140005> <Loading domain configuration from configuration repository at /usr/local/bea812/user_projects/domains/cdmperftest2domain/./config.xml.>
<Mar 11, 2004 6:14:24 PM GMT+08:00> <Notice> <Log Management> <BEA-170019> <The server log file /usr/local/bea812/user_projects/domains/cdmperftest2domain/myserver/myserver.log is opened. All server side log events will be written to this file.>
<Mar 11, 2004 6:14:39 PM GMT+08:00> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Mar 11, 2004 6:14:40 PM GMT+08:00> <Notice> <WebLogicServer> <BEA-000327> <Starting WebLogic Admin Server "myserver" for domain "cdmperftest2domain">
<Mar 11, 2004 6:15:06 PM GMT+08:00> <Warning> <HTTP> <BEA-101296> <Unable to load the default compiler class "com.sun.tools.javac.Main". Using the default javac compiler to compile JSPs.>
<Mar 11, 2004 6:15:57 PM GMT+08:00> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "myserver" for domain "cdmperftest2domain" running in Development Mode>
<Mar 11, 2004 6:15:57 PM GMT+08:00> <Notice> <WebLogicServer> <BEA-000355> <Thread "ListenThread.Default" listening on port 7023, ip address *.*>
<Mar 11, 2004 6:15:57 PM GMT+08:00> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
javax.security.auth.login.LoginException: No LoginModules configured for LoginModule
at javax.security.auth.login.LoginContext.init(LoginContext.java:210)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:425)
at com.firsttech.common.framework.security.SessionLoginContext.<init>(Unknown Source)
at com.firsttech.common.framework.security.AuthenticationFilter.doFilter(AuthenticationFilter.java:103)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:28)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6360)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java(Compiled Code))
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java(Compiled Code))
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3650)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2589)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
==================================== java.security ====================================
#
# @(#)src/security/sov/config/java.security, security, hs141, 20030503 1.6.3.2
# ===========================================================================
# Licensed Materials - Property of IBM
# "Restricted Materials of IBM"
#
# IBM SDK, Java(tm) 2 Technology Edition, v1.4.1
# (C) Copyright IBM Corp. 1998, 2002. All Rights Reserved
# ===========================================================================
#
#
# This is the "master security properties file".
#
# In this file, various security properties are set for use by
# java.security classes. This is where users can statically register
# Cryptography Package Providers ("providers" for short). The term
# "provider" refers to a package or set of packages that supply a
# concrete implementation of a subset of the cryptography aspects of
# the Java Security API. A provider may, for example, implement one or
# more digital signature algorithms or message digest algorithms.
#
# Each provider must implement a subclass of the Provider class.
# To register a provider in this master security properties file,
# specify the Provider subclass name and priority in the format
#
# security.provider.<n>=<className>
#
# This declares a provider, and specifies its preference
# order n. The preference order is the order in which providers are
# searched for requested algorithms (when no specific provider is
# requested). The order is 1-based; 1 is the most preferred, followed
# by 2, and so on.
#
# <className> must specify the subclass of the Provider class whose
# constructor sets the values of various properties that are required
# for the Java Security API to look up the algorithms or other
# facilities implemented by the provider.
#
# There must be at least one provider specification in java.security.
# The number 1 is used for the default provider.
#
# Note: Statically registered Provider subclasses are instantiated
# when the system is initialized. Providers can be dynamically
# registered instead by calls to either the addProvider or
# insertProviderAt method in the Security class.
#
# List of providers and their preference orders (see above):
#
security.provider.1=com.ibm.jsse.IBMJSSEProvider
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
security.provider.4=com.ibm.security.cert.IBMCertPath
#
# The entropy gathering device is described as a URL and can
# also be specified with the property "java.security.egd". For example,
# -Djava.security.egd=file:/dev/urandom
# Specifying this property will override the securerandom.source setting.
#
# Class to instantiate as the javax.security.auth.login.Configuration
# provider.
#
login.configuration.provider=com.ibm.security.auth.login.ConfigFile
#login.configuration.provider=
#
# Default login configuration file
#
login.config.url.1=file:${java.home}/lib/security/jaas.config
#
# Class to instantiate as the system Policy. This is the name of the class
# that will be used as the Policy object.
#
policy.provider=sun.security.provider.PolicyFile
# The default is to have a single system-wide policy file,
# and a policy file in the user's home directory.
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${java.home}/lib/security/java.pol
policy.url.3=file:///${user.home}/.java.policy
# whether or not we expand properties in the policy file
# if this is set to false, properties (${...}) will not be expanded in policy
# files.
policy.expandProperties=true
# whether or not we allow an extra policy to be passed on the command line
# with -Djava.security.policy=somefile. Comment out this line to disable
# this feature.
policy.allowSystemProperty=true
# whether or not we look into the IdentityScope for trusted Identities
# when encountering a 1.1 signed JAR file. If the identity is found
# and is trusted, we grant it AllPermission.
policy.ignoreIdentityScope=false
#
# Default keystore type.
#
keystore.type=jks
#
# Class to instantiate as the system scope:
#
system.scope=sun.security.provider.IdentityDatabase
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# passed to checkPackageAccess unless the
# corresponding RuntimePermission ("accessClassInPackage."+package) has
# been granted.
package.access=sun.
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# passed to checkPackageDefinition unless the
# corresponding RuntimePermission ("defineClassInPackage."+package) has
# been granted.
#
# by default, no packages are restricted for definition, and none of
# the class loaders supplied with the JDK call checkPackageDefinition.
#
#package.definition=
#
# Determines whether this properties file can be appended to
# or overridden on the command line via -Djava.security.properties
#
security.overridePropertiesFile=true
#
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
#
ssl.KeyManagerFactory.algorithm=IbmX509
ssl.TrustManagerFactory.algorithm=IbmX509
#
# Determines the default SSLSocketFactory and SSLServerSocketFactory
# provider implementations for the javax.net.ssl package. If, due to
# export and/or import regulations, the providers are not allowed to be
# replaced, changing these values will produce non-functional
# SocketFactory or ServerSocketFactory implementations.
#
#ssl.SocketFactory.provider=
#ssl.ServerSocketFactory.provider=
#
# The Java-level namelookup cache policy for successful lookups:
#
# any negative value: caching forever
# any positive value: the number of seconds to cache an address for
# zero: do not cache
#
# default value is forever (FOREVER). For security reasons, this
# caching is made forever when a security manager is set.
#
# NOTE: setting this to anything other than the default value can have
# serious security implications. Do not set it unless
# you are sure you are not exposed to DNS spoofing attack.
#
#networkaddress.cache.ttl=-1
# The Java-level namelookup cache policy for failed lookups:
#
# any negative value: cache forever
# any positive value: the number of seconds to cache negative lookup results
# zero: do not cache
#
# In some Microsoft Windows networking environments that employ
# the WINS name service in addition to DNS, name service lookups
# that fail may take a noticeably long time to return (approx. 5 seconds).
# For this reason the default caching policy is to maintain these
# results for 10 seconds.
networkaddress.cache.negative.ttl=10
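==================================== jaas.config ====================================
LoginModule {
    com.firsttech.common.framework.security.RdbmsLoginModule required debug=false;
};
==================================== java.policy ====================================
//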
// @(#)src/security/sov/config/java.policy, security, hs141, 20030503 1.2.3.2
// ===========================================================================
// Licensed Materials - Property of IBM
// "Restricted Materials of IBM"
//
// IBM SDK, Java(tm) 2 Technology Edition, v1.4.1
// (C) Copyright IBM Corp. 1998, 2002. All Rights Reserved
// ===========================================================================
//
// Standard extensions get all permissions by default
grant codeBase "file:${java.home}/lib/ext/*" {
    permission java.security.AllPermission;
};
grant codeBase "file:/*" {
    permission java.security.AllPermission;
};
// default permissions granted to all domains
grant {
    // Allows any thread to stop itself using the java.lang.Thread.stop()
    // method that takes no argument.
    // Note that this permission is granted by default only to remain
    // backwards compatible.
    // It is strongly recommended that you either remove this permission
    // from this policy file or further restrict it to code sources
    // that you specify, because Thread.stop() is potentially unsafe.
    // See "http://java.sun.com/notes" for more information.
    permission java.lang.RuntimePermission "stopThread";
    // allows anyone to listen on un-privileged ports
    permission java.net.SocketPermission "localhost:1024-", "listen";
    // "standard" properies that can be read by anyone
    permission java.util.PropertyPermission "java.version", "read";
    permission java.util.PropertyPermission "java.vendor", "read";
    permission java.util.PropertyPermission "java.vendor.url", "read";
    permission java.util.PropertyPermission "java.class.version", "read";
    permission java.util.PropertyPermission "os.name", "read";
    permission java.util.PropertyPermission "os.version", "read";
    permission java.util.PropertyPermission "os.arch", "read";
    permission java.util.PropertyPermission "file.separator", "read";
    permission java.util.PropertyPermission "path.separator", "read";
    permission java.util.PropertyPermission "line.separator", "read";
    permission java.util.PropertyPermission "java.specification.version", "read";
    permission java.util.PropertyPermission "java.specification.vendor", "read";
    permission java.util.PropertyPermission "java.specification.name", "read";
    permission java.util.PropertyPermission "java.vm.specification.version", "read";
    permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
    permission java.util.PropertyPermission "java.vm.specification.name", "read";
    permission java.util.PropertyPermission "java.vm.version", "read";
    permission java.util.PropertyPermission "java.vm.vendor", "read";
    permission java.util.PropertyPermission "java.vm.name", "read";
    permission java.util.PropertyPermission "weblogic.security.SubjectManager", "read";
    permission java.util.PropertyPermission "AUDIT", "read";
    permission java.util.PropertyPermission "*", "read,write";
    permission java.io.FilePermission "*", "read";
    permission java.security.AllPermission;
};
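
The lookup behind the exception in the post above, as an added diagnostic that is not part of the original post or of WebLogic: `LoginContext` asks the JVM's active `Configuration` for the entry name (here `LoginModule`, as in the posted jaas.config), falls back to `other`, and throws when neither exists. The class name `JaasConfigProbe` is hypothetical, and the probe is meant to be called from inside the JVM that fails (for example from a JSP in the web application), since a standalone run only shows what a plain client sees.

```java
import java.security.Security;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
// Added diagnostic (not from the original post): reports how LoginContext would resolve an entry name.
public class JaasConfigProbe {
    public static String probe(String entryName) {
        StringBuffer out = new StringBuffer();
        out.append("java.security.auth.login.config = ")
           .append(System.getProperty("java.security.auth.login.config")).append('\n');
        out.append("login.configuration.provider = ")
           .append(Security.getProperty("login.configuration.provider")).append('\n');
        out.append("login.config.url.1 = ")
           .append(Security.getProperty("login.config.url.1")).append('\n');
        Configuration cfg;
        try {
            cfg = Configuration.getConfiguration();
        } catch (SecurityException e) { // file missing, unparsable, or access denied
            return out.append("Configuration not loaded: ").append(e).append('\n').toString();
        }
        out.append("active Configuration = ").append(cfg.getClass().getName()).append('\n');
        // LoginContext asks for the requested name first, then falls back to "other".
        String resolved = entryName;
        AppConfigurationEntry[] entries = cfg.getAppConfigurationEntry(resolved);
        if (entries == null) {
            resolved = "other";
            entries = cfg.getAppConfigurationEntry(resolved);
        }
        if (entries == null) {
            return out.append("no \"" + entryName + "\" or \"other\" entry: LoginContext will throw\n").toString();
        }
        // The standard LoginContext loads module classes through the thread context class loader.
        ClassLoader ccl = Thread.currentThread().getContextClassLoader();
        for (int i = 0; i < entries.length; i++) {
            String module = entries[i].getLoginModuleName();
            String state = "loadable";
            try {
                Class.forName(module, false, ccl);
            } catch (Throwable t) {
                state = "NOT loadable: " + t;
            }
            out.append(resolved).append(" -> ").append(module).append(" [")
               .append(entries[i].getControlFlag()).append("] ").append(state).append('\n');
        }
        return out.toString();
    }
    public static void main(String[] args) {
        System.out.print(probe(args.length > 0 ? args[0] : "LoginModule"));
    }
}
```

If `active Configuration` is not the class named by `login.configuration.provider`, the entries in the file passed with `-Djava.security.auth.login.config` are not the ones `LoginContext` consults.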